AOL patches hole in Instant Messenger

America Online Inc. today said it patched a buffer overflow vulnerability in its AOL Instant Messenger (AIM) software.

Dulles, Va.-based AOL patched the vulnerability in AIM early this morning on its servers, said company spokesman Andrew Weinstein.

“To our knowledge, no users were affected,” he said, adding that users don’t need download anything.

The security hole was first publicized by Matt Conover, a founding member of the online security research group w00w00 Security Development. Conover said a feature of AIM Version 4.7 allows hackers to break into the victim’s system and execute code through a buffer overflow. The exploit can only be performed through the feature that allows online gamers to invite others to play with them, and it’s “fairly difficult to exploit,” according to Conover.

However, once successful, a malicious hacker has the ability to launch a worm like those that have penetrated Microsoft Outlook and Internet Information Server products, and it can be executed without the user’s knowledge.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now